14 May 2008

Google blurs the privacy issue

(Guardian)
Google is hoping to avoid a fight with European privacy campaigners as it prepares to launch its controversial Street View service this side of the Atlantic later in the year, by introducing new technology that blurs the faces of people its cameras inadvertently snap while scanning the streets.

Labels:

FR - Passeports biométriques : avis défavorable de la CNIL

(Le Monde)
Le gouvernement est passé outre l'avis de la Commission nationale de l'informatique et des libertés (CNIL) en créant le nouveau passeport biométrique, qui devra contenir, outre une photo numérisée, les empreintes digitales de huit doigts. Selon la CNIL, dont l'avis du 11 décembre 2007 a été publié au Journal officiel du 10 mai, "un sujet d'une telle importance devait passer devant le Parlement et nous n'avons pas obtenu les éléments qui permettent de justifier la création de cette banque de données", a résumé à l'AFP son président, Alex Türk.

Labels:

12 May 2008

EU - EDPS Opinion on ePrivacy Directive review

(RAPID)
On 10 April, the European Data Protection Supervisor (EDPS) adopted an Opinion on the European Commission's proposal amending, among others, the Directive on Privacy and electronic communications, usually referred to as the ePrivacy Directive. Peter Hustinx, EDPS, says: "I welcome the approach followed by the proposal which is in line with views expressed in previous opinions. However, the proposed amendments to the Directive are not as ambitious as they should be. In dealing with new issues, such as the setting up of a mandatory security breach notification system, the proposal remains too restrictive in its scope."

Labels:

09 May 2008

IT - Publish and be taxed

(Economist)
At the end of April, without warning or consultation with the data-protection authority the Italian tax authorities put all 38.5m tax returns for 2005 up on the internet. The site was promptly jammed by the volume of hits. Before being blacked out at the insistence of data protectors, vast amounts of data were downloaded, posted to other sites or, as eBay found, burned on to disks.

Labels: ,

20 April 2008

FR - French websites liable for story in RSS reader

(OUT-LAW News)
A French court has punished web publishers because of snippets of text that appeared on their sites via an RSS reader. It is believed to be the first time that a website operator has been held responsible for content delivered by a third party's RSS feed.

Labels: ,

19 April 2008

FR - French sites fined for linking to privacy-invading content

(OUT-LAW News)
Three French websites have been found guilty of invading an actor's privacy for publishing links to articles containing the offending material. The Paris Tribunal has fined the operators of all three sites. Oliver Martinez, who is famous for his relationship with pop singer Kylie Minogue, sued two blogs and one news site over links to other people's stories about him and his relationship with Minogue. The case was principally against Fuzz.fr, a website which displays links to news stories on other sites ranked by popularity. One of those links was to a story about Martinez and Minogue and formed the basis of the case, which claimed that the article violated his right to privacy. French sites fined for linking to privacy-invading content.

Labels: ,

EU - Eurobarometer survey reveals that EU citizens are not yet fully aware of their rights on data protection

(RAPID)
This summary gives an overview of the findings of the Flash Eurobarometer survey on Data Protection that was conducted in January 2008. Previous waves of the survey had been performed three times before, in 1991, 1996 and 2003. Fieldwork was carried out from January 8th to 12th, 2008. Over 27,000 randomly selected citizens aged 15 years and over were interviewed in the 27 EU Member States.

Labels: ,

EU - Eurobarometer survey measures perceptions amongst European data controllers

(RAPID)
National laws on data protection demand good data management practices on the part of the entities that process data: the "data controllers". These include the obligation to process data fairly and in a secure manner, and to use personal data for well-defined and legitimate purposes. This Flash Eurobarometer survey on Data Protection in the EU (No 226) measures perceptions about data protection among data controllers in the 27 EU Member States.

Labels: ,

18 April 2008

UK - People are mugs over identity theft

(Silicon News)
Social network data makes life too easy for fraudsters. Identity theft is rife. Perhaps it's time individuals took a leaf out of business's book and adopted a personal information policy that will make life harder for criminals.

Labels: , ,

08 April 2008

EU - Search engines must delete data after six months, say watchdogs

(OUT-LAW News)
Search engines must delete search logs after six months if they are to comply with data protection laws, according to a committee of EU countries' privacy watchdogs. The Article 29 Working Party has published a long-awaited report into search engines and privacy which is the result of months of consideration. That report says that search engine companies must delete personal data as soon as they have used it for the purpose for which it was gathered, and that it should not be routinely kept for longer than six months.

Labels:

20 March 2008

Facebook opens door to second-class friends

(Times)
Facebook is to allow its users to create a hierarchy of friends within their profiles - in a move that threatens to complicate the already delicate social etiquette that governs the site. As part of new controls to be introduced in the social networking site's privacy settings, Facebook users will be given the option of banning certain friends from seeing what they are up to and accessing sensitive information in their profile. The change will mean that, for instance, a particular friend - a former partner, say - could be prevented from seeing that a person had changed their relationship status, while others could be banned from knowing the person's political or religious views.

Labels: ,

17 March 2008

Web creator rejects net tracking

(BBC)
The creator of the web has said consumers need to be protected against systems which can track their activity on the internet. Sir Tim Berners-Lee told BBC News he would change his internet provider if it introduced such a system. Plans by leading internet providers to use Phorm, a company which tracks web activity to create personalised adverts, have sparked controversy.

Labels:

08 March 2008

FR - Note2be.com jugé « illégitime » par la Cnil

(ZDNet.fr)
Le très controversé site Note2be.com qui permet aux élèves de noter leurs profs, est épinglé par la la Commission nationale de l'informatique et des libertés (Cnil) qui dénonce notamment le fait que les intéressés ne disposent pas de leur droit de contrôle sur les informations publiées, c'est-à-dire les données nominatives.

Labels:

06 March 2008

Phorm fires privacy row for ISPs

(Guardian)
Web users are up in arms over what they see as an invasion of privacy by a company that will track surfing patterns to serve targeted ads. See also Ad system 'will protect privacy' (BBC).

Labels: ,

04 March 2008

EU - Protection of children's personal data

(Europa)
Working Document 1/2008 on the protection of children's personal data (General guidelines and the special case of schools). WP 147.Adopted by the art. 29 Data Protection Working Party, 18.02.2008,

Labels:

FR - Le site de notation des profs recalé

(Libération)
Les profs ne pourront plus être évalués par leurs élèves. C´est ce que le tribunal des référés de Paris a fait valoir en enjoignant le site Note2be.com à suspendre «l´utilisation de données nominatives d´enseignants aux fins de leur notation et de leur traitement ainsi que leur affichage sur les pages du site». Dans son jugement, le tribunal parle de ces limites qui portent atteinte aux activités d´enseignement, mais aussi de la liberté d´information et d´expression.

Labels:

03 March 2008

CoE - Declaration on protecting the dignity, security and privacy of children on the internet

(Council of Europe)
The traceability of children's activities on the internet may expose them to criminal activities (for example the solicitation or "grooming" of children for sexual purposes, discrimination, bullying, stalking and other forms of harassment). Children need to be informed about the enduring presence of, and the risks associated with, the content they create on the internet. The right to privacy and the secrecy of correspondence is not respected on the internet. The profiling of information and the retention of personal data regarding children's activities can be used for commercial purposes. The Committee of Ministers asks member states to work together to explore the feasibility of removing or deleting such content and its traces within a reasonably short period of time. See Full text of the Declaration

Labels: ,

01 March 2008

UK - Private data, public interest?

The use of material taken from personal profiles on social networks by newspapers is to be the subject of a major consultation undertaken by industry watchdog the Press Complaints Commission (PCC). This comes in the wake of increasingly numbers of newspaper stories that include images and text taken from sites like Bebo, MySpace and Facebook.

Labels:

26 February 2008

EU privacy watchdogs say any processor must obey EU rules

(OUT-LAW News)
Europe's data protection watchdogs have said that internet companies that do any personal data processing in Europe must comply with its privacy laws even if they are based outside of Europe. The Article 29 Working Party, a committee of all of the EU country's privacy or data protection commissioners, said that its data protection rules must apply to personal data processed by companies that do not even have offices in the EU. "[The EU's] provisions also apply to such controllers who have their headquarters outside the EU, but only an establishment in one of the EU Member States, or who use automated equipment based in one of the Member States for the purposes of processing personal data," said a Working Party statement. The EU's privacy watchdogs are locked in a battle with search engine companies such as Google over the processing of personal data. There are debates about whether companies are subject to the EU's rules as well as what those rules mean.

Labels:

AU - Judge on privacy: Computer code trumps the law

(CNET News) Australian Judge Kirby says computer code is more potent than the law--and that legislators are powerless to do anything about it. Technology has outpaced the legal system's ability to regulate its use in matters of privacy and fair use rights.

Labels: , ,

24 February 2008

EU guidelines on RFID aim to protect privacy

(Reuters)
RFID chips embedded in items ranging from pets to retail products will have to be deactivated at the point of sale to protect purchasers' privacy under draft guidelines proposed by the European Commission. A public consultation is being launched into the "soft law" guidelines that EU information society and media commissioner Viviane Reding hopes will be adopted by the European Union executive to be applied in all the bloc's 27 member states. The consultation will be open until 25 April. The Commission services will then analyse the received contributions and put forward a draft Recommendation for adoption before the summer of 2008.

Labels:

Call to scrap children's database

(BBC)
The government faces calls to scrap a database containing the details of every child in England after a report said it could never be secure. The report, by accountants Deloitte and Touche, was ordered after last year's missing data discs crisis. ContactPoint will begin operation in September or October this year, five months later than planned. It will list the name, address and date of birth of every child in England and contact details for their parents, doctors and schools. Every child will be given a "unique identifying number"

Labels:

Personal data privacy 'at risk'

(BBC)
Millions of people are leaving themselves open to identity theft when using social networking websites, according to the consumer group Which? Members of sites such as Facebook can join large networks which reveal personal information to thousands of others on the network. Which? says people are at a greater risk of being targeted by fraudsters than they think.

Labels:

Google argues against calling IP addresses "personal data"

(Ars Technica)
European data protection leaders are considering a plan that would make IP addresses "personal information." Google wants to make sure it doesn't happen, and today it took the fight to the blogosphere. In a new public policy posting, Google software engineer Alma Whitten made the case that IP addresses aren't so much personal information as potentially personal information. Many IP addresses assigned to consumers don't reliably map to a single machine (due to the wonders of DHCP), and even when they do, it's only the machine and not the person who is identified. Google clearly hopes to avoid a "black-and-white declaration that all IP addresses are always personal data."

Labels:

17 February 2008

EU - EC plans biometric border checks

(CNET News)
Visitors to Europe will face biometric screening and automated security checks under proposals for a shake-up of EU border controls. Under plans to strengthen checks at European borders laid out by the European Commission, international travelers would also have their stay logged and monitored by an electronic system, which could become operational by 2015.

Labels: , ,

10 February 2008

US - Teens posting personal info: Study

(NetFamilyNews)
We now have further insights into teens' info-sharing practices in the Journal of Adolescence. According to this, 8.8% revealed their full name, 57% included a picture, 27.8% listed their school and 0.3% provided their telephone number. The authors concluded that "the problem of personal information disclosure on MySpace may not be as widespread as many assume, and the overwhelming majority of adolescents are responsibly using the web site." Personal information of adolescents on the Internet: A quantitative content analysis of MySpace by Sameer Hindujaa and Justin W. Patchin

Labels: , ,

04 February 2008

DE - StudiVZ-Chef fordert runden Tisch zum Datenschutz im Web 2.0

(Heise)
Der Geschäftsführer von StudiVZ, Marcus Riecke, hat sich bei einer Diskussion mit Schülern zum 2. Europäischen Datenschutztag an der Robert-Jungk-Oberschule in Berlin für die Einberufung eines runden Tischs zum Datenschutz im Web 2.0 ausgesprochen. Andere Plattformanbieter, Hüter der Privatsphäre, Werbetreibende, Jugendschützer und Innenpolitiker sollten zusammenkommen, um Rahmenbedingungen für soziale Netzwerke und andere Plattformen im Mitmach-Web abzustecken. Dabei sei etwa der "Zielkonflikt zwischen Daten- und Jugendschutz" bei der Frage der Speicherung von Logfiles der Nutzer zu erörtern.

Labels: ,

DE - Lehrerbenotungen im Internet: 3:0 für Spickmich

(Heise)
Das Landgericht Köln hat im Rechtsstreit zwischen einer Gymnasiallehrerin und dem Schülerportal "Spickmich" erneut gegen die Lehrerin entschieden. Diese will gerichtlich erzwingen, dass ihre persönlichen Daten und Bewertungen gelöscht werden. Bei "Spickmich" können Schüler Bewertungen über ihre Lehrer in Kategorien wie "cool und witzig", "faire Noten" oder "menschlich" abgeben. Die Gymnasiallehrerin, die zunächst lediglich die Note 4,3 erhalten hatte, sieht darin eine Verletzung ihrer Persönlichkeitsrechte und klagt auf Unterlassung. Das Gericht wies die Klage der Lehrerin jedoch als "unzulässig" ab. Das Grundrecht auf Meinungsfreiheit gelte zwar nicht unbeschränkt, sondern finde seine Grenzen bei reinen Schmähkritiken und Beleidigungen, doch davon könne bei "Spickmich" nicht die Rede sein. "Durch die Bewertungen sind nicht das Erscheinungsbild oder die allgemeine Persönlichkeit der Klägerin betroffen, sondern die konkrete Ausübung ihrer beruflichen Tätigkeit", argumentierten die Richter.

Labels: ,

31 January 2008

UK - Watchdog calls for 'reckless data-breach' offence

(ZDNet.co.uk)
The Information Commissioner's Office has called for amendments to UK data-protection laws, including making "reckless" data breaches an offence. In a document submitted to governemnt submitted to government, information commissioner Richard Thomas called for the Data Protection Act (DPA) to be amended to include a penalty for data controllers "knowingly or recklessly failing to comply with the principles" of the DPA.

Labels:

30 January 2008

EU - Countries can choose whether or not to force disclosure of file-sharers

(OUT-LAW News)
The European Court of Justice (ECJ) has ruled that EU law does not force the disclosure of internet users' details in file-sharing cases. The judgment will be a blow to record labels but could also put ISPs in the UK at a commercial disadvantage, a copyright expert has said. The ECJ has said that it is up to each country to decide how to balance the rights of the copyright holders to protect their intellectual property and the rights of internet users to protect their privacy. See Judgment of the Court of Justice in Case C-275/06 Productores de Música de España (Promusicae) v Telefónica de España SAU (ECJ Press Release). See also EU court ruling on file-sharers is not what it seems (OUT-LAW News).

Labels: , ,

28 January 2008

UK - Facebook faces privacy questions

(BBC)
Facebook is to be quizzed about its data protection policies by the UK Information Commissioner's Office. The investigation follows a complaint by a user of the social network who was unable to fully delete their profile even after terminating their account. Currently, personal information remains on Facebook's servers even after a user deactivates an account. Facebook has said it believes its policy is in "full compliance with UK data protection law".

Labels:

UK - Marks & Spencer ordered to encrypt data after laptop theft

(OUT-LAW News)
Marks & Spencer broke the law when it allowed the details of 26,000 employees to be held on a laptop without the protection of encryption, according to the Information Commissioner's Office (ICO). The laptop, and the information on it, has been stolen. The retailer must ensure that all laptop hard drives are encrypted by April of this year. If it fails to comply with an enforcement notice issued against it by the ICO it could face criminal charges.

Labels:

25 January 2008

Social sites prove hard to leave behind

(BBC)
Thousands of final-year students who've put a lot of information on social networks are starting to worry about what potential employers may find if they take a look. But one student at Nottingham Trent University has found just how hard it can be to leave one of the networks, MySpace.

Labels: ,

23 January 2008

UK - Whitehall staff face laptop ban

(Press Association)
A new ban on Whitehall staff removing unencrypted laptops containing personal data from their offices has begun. A massive operation to ensure that civil servants comply with the new rule, laid down by Cabinet Secretary Sir Gus O'Donnell on Monday night, is now under way. As well as communicating the policy to all staff, departments will have to ensure that officials can continue to do their jobs within the constraints of the ban.This is likely to involve the encryption of large swathes of data.

Labels: ,

UK - Ministry of Defence lost three unencrypted laptops

(ZDNet.co.uk)
Secretary of state for defence Des Browne has admitted that the laptop lost by the Ministry of Defence containing details of up to 600,000 defence personnel was not encrypted, and also that services personnel have previously lost two more laptops containing similar unencrypted recruitment information. On 9 January, the unencrypted laptop was stolen from a recruiting officer's car which had been left overnight in a car park in Edgbaston, Birmingham. The information on the stolen laptop included 3,700 people's bank details, as well as other data on up to 600,000 people, including their names. Approximately 153,000 people also had data including addresses, passport details, national insurance numbers, driver's licence details, doctors' addresses and National Health Service numbers compromised.

Labels: ,

22 January 2008

EU - Do internet companies protect personal data well enough?

(EP Press Service)
Claims that big internet companies, such as Google or Yahoo, track the on-line behaviour of millions of users, so as to be able to sell the resulting data to on-line advertisers, raise difficult issues, such as whether these data could also be used for other purposes that violate personal privacy, said data protection, industry and consumer protection bodies at a public hearing held by the Civil Liberties Committee on 21 January. see also EU Official: IP Is Personal (AP). IP addresses, string of numbers that identify computers on the Internet, should generally be regarded as personal information, the head of the European Union's group of data privacy regulators said.

Labels:

21 January 2008

MySpace Bug Leaks 'Private' Teen Photos to Voyeurs

(Wired)
A backdoor in MySpace's architecture allows anyone who's interested to see the photographs of some users with private profiles - including those under 16 - despite assurances from MySpace that those pictures can only be seen by people on a user's friends list. Info about the backdoor has been circulating on message boards for months. Since the glitch emerged last fall, it has spawned a cottage industry of ad-supported websites that make it easy to access the photographs, spurring self-described pedophiles and run-of-the-mill voyeurs to post photos pilfered from private MySpace accounts.

Labels:

19 January 2008

UK - Facebook faces privacy questions

(BBC)
Facebook is to be quizzed about its data protection policies by the Information Commissioner's Office. The investigation follows a complaint by a user of the social network who was unable to fully delete their profile even after terminating their account. Currently, personal information remains on Facebook's servers even after a user deactivates an account. Facebook has said it believes its policy is in "full compliance with UK data protection law".

Labels: ,

16 January 2008

FBI takes biometrics database proposal to U.K.

(CNET News.com)
Police in the U.K. are in talks with the FBI about establishing an international biometric database for tracking down the world's most wanted criminals and terrorists. The so-called "server in the sky" database would share criminals' biometric data, such as fingerprints and iris scans, internationally. The Washington Post reported last month that the FBI is spending $1 billion to develop the world's largest centralized biometrics database, a system the agency calls Next Generation Identification.

Labels: , ,

08 January 2008

UK - TV presenter hoist with own petard

(Press Association)
Top Gear presenter Jeremy Clarkson has admitted he was wrong to brand the scandal of lost CDs containing the personal data of millions of Britons a "storm in a teacup" after falling victim to an internet scam. The outspoken star printed his bank details in a newspaper to try and make the point that his money would be safe and that the spectre of identity theft was a sham. He also gave instructions on how to find his address on the electoral roll and details about the car he drives. However, in a rare moment of humility Clarkson has now revealed the stunt backfired and his details were used to set up a £500 direct debit payable from his account to the British Diabetic Association. see also Twice bitten: acts of stupidity can lead to identity theft (Cnet).

Labels: ,

03 January 2008

Big Brother gets bigger, says global privacy study

(CNet)
According to a new international privacy report, governments around the world are increasingly invading the privacy of citizens with surveillance, identification systems, and archiving of private data. Driven by concern over immigration and border control, countries have been quick to implement database, identity, and fingerprinting systems, according to the 2007 International Privacy Ranking report. See also UK is Europe's worst in privacy league (Info4Security).

Labels:

01 January 2008

EU - EDPS expresses serious concerns about EU PNR proposal

(RAPID)
The European Data Protection Supervisor (EDPS) has issued his Opinion on the recent proposal of the Commission for a Council Framework Decision on the use of Passenger Name Record (PNR) data for law enforcement purposes. The proposal involves obligations for air carriers to transmit data about all passengers on flights to or from an EU Member State. The Opinion emphasizes the major impact the proposal would have on privacy and data protection rights of air passengers. While acknowledging that the fight against terrorism is a legitimate purpose, the EDPS expresses serious concerns about the necessity and proportionality of the proposal which, in his view, are not sufficiently established in the proposal. In addition, the EDPS takes a critical stance on the lack of clarity in relation to various aspects of the proposal, in particular the applicable legal framework, the identity of the recipients of personal data, and the conditions of transfer of data to third countries.

Labels:

EU - Commission welcome intervention by Dutch regulator OPTA against spyware and malware

(RAPID)
The Dutch Telecom Regulator OPTA has imposed a fine totalling 1 million euro on three Dutch enterprises for illegally installing software - so called spyware and adware - on more than 22 million computers in the Netherlands and elsewhere. The companies fined now by OPTA operated together under the name DollarRevenue, which was considered to be among the 10 largest spyware distributors in the world. They managed to install the software on personal computers via downloads from the Internet and by exploiting security loopholes in computer programmes. The illegally installed software allowed the companies to spy on the consumer's on line behaviour and triggered pop-up windows containing specific advertising material. Unlawful access to a personal computer to stall information such as spyware and adware is prohibited under European law, namely article 5(3) of the EU's ePrivacy Directive of 2002. National regulators are called upon to enforce this prohibition by deterrent measures. Yesterday's decision by OPTA is the first time that a national regulator has resorted to drastic fines against a company acting in violation of the EU ban.

Labels: ,

17 December 2007

UK - Millions of L-drivers' data lost

(BBC)
The details of three million candidates for the driving theory test have gone missing, Ruth Kelly has told MPs. Names, addresses and phone numbers - but not financial data - were among details on a computer hard drive which went missing in the US in May. It belonged to a contractor to the Driving Standards Agency, the transport secretary told MPs.

Labels: ,

05 December 2007

UK - Government offers reward in hunt for lost data

(Guardian)
The government has offered a £20,000 reward for the safe return of two missing CDs containing personal details of half the British population. The Metropolitan police, which has been heading the search for the data, has asked thousands of government workers to check their desks and homes "in case the package or discs have turned up".

Labels: , ,

01 December 2007

EU - Public Security, Privacy and Technology:

(RAPID)
Technology developments can enhance the protection of privacy and at the same time allow law enforcement authorities for a secure and timely access to information, including personal data. The Conference on Public Security, Privacy and Technology, organised by the European Commission brings together public and private sectors representatives to discuss this topics. See Closing speech on Public Security, Privacy and Technology by Franco Frattini, European Commissioner responsible for Justice, Freedom and Security. Programme.

Labels: ,

UK - Police target rubbish tips in hunt for missing data discs

(Scotsman)
POLICE hunting for the two missing data discs containing sensitive data about millions of people have searched rubbish tips in London, Scotland Yard said. The discs, containing 25 million child benefit claimants' personal details, went missing when a junior official sent them by courier in the internal mail from the Child Benefit office in Washington, Tyne and Wear, to the National Audit Office in London on October 18.

Labels: ,

Facebook in privacy U-turn over Beacon

(FT)
Privacy advocates declared victory after Facebook, the social networking website, moved to placate users concerned about the intrusiveness of its new Beacon advertising system. Changes to Beacon will allow users to ?opt-in? to sharing information through the service, which broadcasts purchases made on outside websites to Facebook users? friends.

Labels: ,

23 November 2007

UK - Young warned over social websites

(BBC)
Millions of young people could damage their future careers with the details about themselves they post on social networking websites, a watchdog warns. The Information Commissioner's Office found more than half of those asked made most of their information public.

Labels: , ,

22 November 2007

UK - Watchdog: Protecting data is not 'rocket science'

(ZDNet.co.uk)
In the wake of the largest-ever data breach to hit the UK, the Information Commissioner's Office has criticised the apparent lack of technological safeguards in government departments and called for "privacy-enhancing technologies" to be built into future projects.

Labels: , ,

21 November 2007

UK - Ministers under fire over records

(BBC)
The UK government's "basic competence" has been questioned by the Tories after the loss in the post of computer discs with 25m people's personal details on them. The child benefit data on them includes names, ages, bank and address details.

Labels: , ,

01 November 2007

UK - Data breaches misunderstood by gov't, say Lords

(Silicon News)
The government has failed to understand the threat to the continued growth of the internet posed by cyber crime, according to the influential House of Lords Science and Technology Committee.

Labels: ,

24 October 2007

US - NSA cooperation: OK for e-mail, IM companies?

(CNET News)
A new Senate bill would protect not only telephone companies from lawsuits claiming illegal cooperation with the National Security Agency. It would retroactively immunize e-mail providers, search engines, Internet service providers and instant-messaging services too.

Labels: , , ,

30 September 2007

Learning to live with Big Brother

(Economist)
These days, data about people's whereabouts, purchases, behaviour and personal lives are gathered, stored and shared on a scale that no dictator of the old school ever thought possible. Most of the time, there is nothing obviously malign about this. Governments say they need to gather data to ward off terrorism or protect public health; corporations say they do it to deliver goods and services more efficiently. But the ubiquity of electronic data-gathering and processing - and above all, its acceptance by the public - is still astonishing, even compared with a decade ago. Nor is it confined to one region or political system.

Labels:

29 September 2007

US - Google defends DoubleClick bid

(Computing)
Google has stepped up its battle to acquire advertising group DoubleClick, as the company's chief legal officer appeared before the US Congress. David Drummond told the Senate hearing that the proposed $3.1bn deal would be beneficial to the public and US enterprise. A subcommittee of the Senate Committee on the Judiciary will decide if the merger risks infringing on privacy and antitrust rules. The attack on Google's planned purchase has been led by key rival Microsoft. The software giant's general counsel, Brad Smith, told the hearing that acquiring DoubleClick would make Google, "the overwhelmingly dominant pipeline for all forms of online advertising."

Labels: ,

28 September 2007

Google's Gmail cookie vulnerability exposes user's privacy

(CNET News)
The "ethical hacking" group GNUCitizen has developed a proof-of-concept program to steal contacts and incoming e-mails from Google Gmail users. "This can be used to forward all your incoming e-mail," Pure Hacking security researcher Chris Gatford said. "It's just a proof of concept at the moment, but what they're demonstrating is the potential to use this vulnerability for malicious purposes."

Labels:

16 September 2007

FR - Is the IP address still a personal data in France?

(EDRI)
Two decisions from the Paris Appeal Court held that collection of IP addresses does not constitute a processing of personal data, and consequently was not subject to CNIL prior authorization, as required by the French Data Protection Act. In the mean time, the Advocate General of the European Court of Justice, in case C-257/06 Productores de Música de España (Promusicae) v. Telefónica de España, an entirely separate case lodged for reference by a Spanish Court under the preliminary ruling procedure, took the position that the EU legislation on personal data protection should prevail on the Community law on e-commerce, copyright protection and IP enforcement.

Labels: ,

15 September 2007

Do social network sites genuinely care about privacy?

(Guardian)
Very deeply, because it's only by guarding it jealously and parcelling it up and then selling it to someone else that they can make any money. Thus this season's poster child for social networking, Facebook, announced on its blog that in a few weeks, it will make parts of its 40 million users' details, such as their names and pictures, available to the major search engines - Google, Yahoo! and MSN Live - and so visible to anyone online. Why? Simple: money.

Labels: ,

Google calls for international privacy laws and policies

(OUT-LAW News)
The head of privacy at Google is urging the governments of the world to adopt a unified set of privacy laws to protect personal data online. A non-binding framework that is already used by Asia Pacific nations is recommended for global use.

Labels:

BE - ISP claims court ruling will force it into 'illegal' behaviour

(OUT-LAW News)
A Belgian court ruling would force internet service providers into conducting "invisible and illegal" checks on internet users' actions, according to Belgian ISP Scarlet, who were recently ordered by a Belgian court to block its users from engaging in illegal file-sharing. It has now lodged an appeal against that ruling. "This measure is nothing else than playing Big Brother on the Internet,'' said Scarlet managing director. "If we don't challenge it today, we leave the door open to permanent, and invisible and illegal, checks of personal data."

Labels: , , ,

Google calls for web privacy laws

(BBC News)
Google has been attacked for its own privacy policy : now the company has called on governments and business to agree a basic set of global privacy rules. Without global standards the health of the internet was at risk, the firm's privacy chief told a UN agency conference in Strasbourg. He said that the rise of the net meant vast amounts of personal data was now regularly shipped around the globe.

Labels: ,

02 September 2007

Who's afraid of Google?

(Economist)
The world's internet superpower faces testing times. Rarely if ever has a company risen so fast in so many ways as Google, the world's most popular search engine. The list of constituencies that hate or fear Google grows by the week. And now come the politicians. Libertarians dislike Google's deal with China's censors. Conservatives moan about its uncensored videos. But the big new fear is to do with the privacy of its users.

Labels:

01 September 2007

Second Monster hack affects millions

(vnunet.com)
Monster.com has admitted that the number of job seekers on its website who had their personal data stolen is greater than the 1.3 million originally reported. Monster.com kept the original attack secret for five days before alerting users to the problem. The company's database holds around 73 million CVs. Iannuzzi claimed that only a few hundred had cancelled their accounts, along with a "handful" of employers.

Labels: ,

19 August 2007

Facebook users pretty willing to add strangers as 'friends'

(News.com)
IT security firm Sophos has released the results of its Facebook ID Probe, a test to see just how many users of the site are willing to divulge highly personal information to potential identity thieves. The results, to say the least, show that more than a few Facebook members might not be taking their privacy seriously enough. Sophos created a fake Facebook profile, and randomly requested 200 members to be friends with 'Freddi.' Out of those 200, 87 accepted the friend request and 82 of those gave 'Freddi' access to "personal information" such as e-mail addresses, dates of birth, addresses and phone numbers, and school or work data.

Labels: ,

18 August 2007

UK - Press Complaints Commission raps paper over online video

(OUT-LAW News)
The Press Complaints Commission (PCC) has issued its first ever ruling on video content published online by a newspaper. It said that the Hamilton Advertiser breached school pupils' rights to privacy with a video of an unruly classroom.

Labels: ,

14 August 2007

UK - Honesty the best online policy

(BBC News)
Columnist Bill Thompson says firms should tell customers when their computer security has been breached. UK organisations have no legal duty to tell if personal data has been compromised. The situation may change, if the House of Lords Select Committee on Science and Technology has its way. They have spent the last year looking at internet security and how it affects us all and they published their final report, called Personal Internet Security.

Labels: , ,

04 August 2007

EU - MEPs fear that new PNR agreement fails to protect citizens' data

(EP Press RElease)
The European Parliament looked into the recent agreement signed by the EU-US administration for the transfer of air passengers' data and concluded in its resolution that the new deal still fails to offer an adequate level of data protection and it has been concluded without any involvement of parliaments from both sides, lacking democratic oversight. While recognising the difficult conditions under which the negotiations took place, MEPs regret that the EU-US agreement for the transfer of Passenger Name Records (PNR) is 'substantively flawed', in particular by 'open and vague definitions and multiple possibilities for exception'.

Labels:

02 August 2007

EU - EDPS - Data Protection Directive should be fully implemented

(EDRI-gram)
The EDPS (European Data Protection Supervisor), Peter Hustinx, issued on 25 July 2007 an opinion on the European Commission communication regarding the improved implementation of the EC Data protection directive (95/46), considering that the Directive should not be amended and asking for its full implementation before applying any changes.

Labels:

01 August 2007

EU finds clerical solution to PNR privacy concerns

(OUT-LAW News)
A new passenger name records (PNR) deal was announced this week by the EU and the US. It covers how much information can be handed to US authorities about passengers on flights from Europe to the US and the conditions on which it was kept. The US won major concessions from the EU, winning its demands to keep data for far longer and the ability to pass it on to other US agencies. The EU appeared to win one argument, reducing the amount of data transferred. However, the reduction of the number of data fields handed to US security services announced by the European Union was achieved by squeezing almost the same amount of data on to fewer lines. The news undermines what was seen as a concession won by EU negotiators.

Labels:

UK - Data retention law passed

(OUT-LAW News)
UK telecoms companies will have to keep phone call logs for a year under a new law to come into force in October. The law does not apply to records of internet activity, such as web surfing, email and Voice over Internet Protocol (VoIP) phone calls. The Data Retention (EC) Regulations transpose into UK law most of the European Union's Data Retention Directive. The Regulations will come into force on 1st October, two weeks after the deadline set by the EU, but they will not apply to internet traffic data. The Directive allows member states to extend the rules to internet data at a later date, provided these rules are in force by 15th March 2009.

Labels:

30 July 2007

UK - Caught on camera ? and found on Facebook

(BBC)
Facebook, the social networking website, is being used as a disciplinary tool by university authorities. Staff at Oxford University are searching the website, collecting photographs of students who they say have broken rules on post-examination celebrations, and handing down fines. The student union has branded the move a "disgraceful" intrusion into privacy and has e-mailed every common room advising how to prevent dons viewing the photographs.

Labels: ,

23 July 2007

Search sites tackle privacy fears

(BBC)
User worries are driving search firms to let people manage how much data they reveal when they visit the sites. The top four search sites, Google, Microsoft, Yahoo and Ask, have unveiled plans to cut how much data they hold and how long they store it. Going furthest Ask said it would let users search without surrendering any data about themselves and their PC.

Labels:

22 July 2007

US - Identity theft? What identity theft?

(Infoworld)
The GAO reports that identity theft really isn't a problem. The problem, apparently, is that the process of notifying consumers whenever their personal financial information has been compromised is confusing us simple-minded folks.

Labels: ,

21 July 2007

Google cookies will 'auto delete'

(BBC)
Google has said that its cookies, tiny files stored on a computer when a user visits a website, will auto delete after two years. They will be deleted unless the user returns to a Google site within the two-year period, prompting a re-setting of the file's lifespan. The company's cookies are used to store preference data for sites, such as default language and to track searches.

Labels:

06 July 2007

US - Appeals court dismisses suit against NSA spy program

(CNET News)
In a setback for foes of a controversial Bush administration wiretapping program, a federal appeals court threw out an American Civil Liberties Union lawsuit that alleged illicit snooping on Americans' calls and e-mails.

Labels: ,

EU - Our data retention is not data protection watchdogs' business, says Google privacy boss

(OUT-LAW News)
The retention of search engine query data is a security matter and not one for Europe's data protection officials, according to Google's global privacy chief. Google said that it had to keep the records because the Data Retention Directive demanded it, but the Article 29 Working Party said that the Directive does not apply to search engines.

Labels:

05 July 2007

EU / USA - Final agreements on PNR and SWIFT

(EDRI-gram)
After a long and difficult period of negotiations, on 28-29 June 2007, final agreements were reached between EU and USA on the data regarding European financial transactions operated by Belgian consortium SWIFT and on the passenger name records (PNR) issue respectively. Regarding the access to financial data from SWIFT, the US has committed to use any data received from SWIFT exclusively for counter-terrorism purposes, the data retention period being of 5 years. An "agreement was reached on the substance of the new Passenger Name Records (PNR) system, with only technical details and EU national parliaments' opinion still to be resolved".

Labels:

EU proposes anti-terror measures

(BBC)
The European Commission is drafting new Europe-wide measures to bolster the fight against terrorism, including sharing air passenger data. EU Justice Commissioner Franco Frattini said that all states needed to co-operate more closely. The measure is expected to require air passengers travelling into the EU to submit data for security agencies. Other proposals include creating a "rapid-alert" system for stolen explosives, a network of bomb disposal squads and making the spread of bomb-making instructions online a criminal offence.

Labels: , ,

DE - German legislation troubles the big Internet companies

(EDRI-gram)
Yahoo and Google seems to have problems adapting their business to the tough requirements of the German law regarding content harmful to minors and the implementation of the data retention directive, respectively. Yahoo has recently changed the way the content filter setting for its photo-sharing service Flickr works for German members so that they can't view photos labelled as "moderate" or "restricted" via the search function. The German draft law for the implementation of the data retention directive also raises problems with the online service providers. The draft foresees that providers of e-mail services will basically have to keep records of the following: the user's IP address for each e-mail sent and for each access to the inbox as well as the sender's network ID for every e-mail received. Peter Fleischer, Google privacy counsellor considered the draft law as "a severe blow to privacy " and praised the possibility to have anonymous email accounts.

Labels: ,

01 July 2007

OECD - Net growth prompts privacy update

(BBC)
The world's leading industrialised nations have been forced to update privacy laws made obsolete by the huge volume of data moving around the net. Of particular concern to the 30 OECD states was the increasing amount of personal data flowing between nations. These cross-border torrents made it tricky to prevent unlawful use of people's data and for authorities to enforce existing laws, the OECD said. The newly adopted recommendations update a 27-year-old agreement. The 1980 guidelines laid the foundations of privacy laws amongst OECD states but did not account for the internet age, with instant access to global information. OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy.

Labels:

28 June 2007

BR - YouTube wins "supermodel sex on the beach" case

(Ars Technica)
A Brazilian judge has ruled in favor of YouTube, Globo Comunicações e Participações, and Internet Group do Brasil (iG) this week in a case involving Brazilian model Daniella Cicarelli and a sex video. Cicarelli and her boyfriend, Tato Malzoni, had sued YouTube after a video of the couple having sex on a public beach in Brazil appeared on the site. The pair argued that YouTube was violating their privacy. Judge Gustavo Santini Teodoro ruled that the couple's privacy claims were unfounded and ordered Cicarelli to pay fees to each of the defendants.

Labels: , ,

15 June 2007

EU - Police will share data across Europe against privacy chief's advice

(out-law.com)
The Council of Ministers agreed the new deal at a meeting of justice and home office ministers this week. It will open up police databases, including DNA databases, to queries from all other EU nations. The deal has been agreed against the advice of the European Data Protection Supervisor (EDPS), whose role is to advise Europe's governing bodies on privacy and data protection issues.

Labels:

EU - Data retention laws do not cover Google searches

(out-law.com)
Google is not bound by the Data Retention Directive when it comes to search engine logs, Europe's data protection committee has said. Google has used the Directive to justify keeping data, but OUT-LAW has learned that the law does not apply. Google has come under increasing pressure in Europe to anonymise its server data, but the company says that it will wait until 18?24 months have passed before anonymising. Among its reasons for this was the Data Retention Directive.

Labels:

14 June 2007

US - TorrentSpy ruling a 'weapon of mass discovery'

(CNET News)
A judge in Los Angeles found that a computer server's RAM, or random-access memory, is a tangible document that can be stored and must be turned over in a lawsuit. It was a pro-copyright ruling that stunned nearly everyone dealing with the issue of online piracy. You may have to surrender what's in your RAM if sued. Legal experts say decision may cost businesses big bucks and threaten Web privacy.

Labels: ,

13 June 2007

EDPS letter to incoming Portuguese presidency: fundamental rights are not captives of security

(RAPID)
Peter Hustinx, the European Data Protection Supervisor, sent letters to the Portuguese Ministers for Justice and Interior. Hustinx requested the upcoming presidency to ensure sufficient consideration of data protection implications before Council initiatives are adopted. It seems that a number of agreements on new anti-terrorist measures have been concluded without fully considering the impact on fundamental rights. To help the Council avoid that from happening, the EDPS makes himself available as an advisor so that the Council can adopt effective as well as legitimate new policies.

Labels:

EU - Google agrees changes on privacy

(FT)
Google has made fresh concessions to European Union data protection officials, agreeing to limit the amount of time it keeps users? personal search data to 18 months. The US internet group also said it would "radically redesign" its policy on keeping information from "cookies" or identifier programmes on individual computers.

Labels:

10 June 2007

A Race to the Bottom - Privacy Ranking of Internet Service Companies

(Privacy Internationa)
This report has been prepared by Privacy International following a six-month investigation into the privacy practices of key Internet based companies. The ranking lists the best and the worst performers both in Web 1.0 and Web 2.0 across the full spectrum of search, email, e-commerce and social networking sites. The analysis employs a methodology comprising around twenty core parameters. We rank the major Internet players but we also discuss examples of best and worst privacy practice among smaller companies. Interim Rankings. See also An Open Letter to Google

Labels:

02 June 2007

EU - Data protection watchdogs letter to Google goes public

(OUT-LAW News)
A letter from an influential group of privacy experts in Europe saying that Google's new privacy policies appear to breach the requirements of the EU's data protection regime was published today. The letter is from the Article 29 Working Party, an independent European advisory body on data protection and privacy.

Labels:

Anger over DRM-free iTunes tracks

(BBC)
The launch of music tracks free of digital locks on iTunes has been overshadowed by the discovery that they contain data about who bought them. Some fear this data could be used to identify the owner of the tracks if they turn up on file-sharing sites.

Labels: ,

23 May 2007

New software can identify you from your online habits

(NewScientist)
If you thought you could protect your privacy on the web by lying about your personal details, think again. In online communities at least, entering fake details such as a bogus name or age may no longer prevent others from working out exactly who you are. That is the spectre raised by new research conducted by Microsoft. The computing giant is developing software that could accurately guess your name, age, gender and potentially even your location, by analysing telltale patterns in your web browsing history. But experts say the idea is a clear threat to privacy - and may be illegal in some places.

Labels: ,

22 May 2007

US - MySpace to provide sex offender data to state AGs

(CNET News.com)
MySpace.com unveiled a plan for cooperating with requests from state attorneys general for data pertaining to registered sex offenders. MySpace will provide the Multi-State Attorney General Executive Committee with data from Sentinel Safe, the database of information on registered sex offenders that the company has compiled through its partnership with identity verification firm Sentinel Tech Holding.

Labels: ,

12 May 2007

Google may use games to analyse net users

(Guardian)
Internet giant Google has drawn up plans to compile psychological profiles of millions of web users by covertly monitoring the way they play online games. The company thinks it can glean information about an individual's preferences and personality type by tracking their online behaviour, which could then be sold to advertisers. Details such as whether a person is more likely to be aggressive, hostile or dishonest could be obtained and stored for future use.

Labels: ,

11 May 2007

EU - Promoting Data Protection by Privacy Enhancing Technologies (PETs)

(RAPID)
The Commission has adopted a Communication with the purpose of identifying the benefits of Privacy Enhancing Technologies (PETs) and laying down the Commission's objectives in this field, to be achieved by a number of specific actions supporting the development of PETs and their use by data controllers and consumers. see also Privacy Enhancing Technologies (PETs) MEMO and Edri-gram article.

Labels:

01 May 2007

FR - French Government Decree on data retention - another Big Brother act | EDRI

(EDRI-gram)
The French Government, during this election period, is preparing a decree for the application of the law on the confidence in the numerical economy (LCEN) of 21 June 2004, which requires webmasters, hosting companies, fixed and mobile telephony operators and Internet service providers to retain all information and on Internet users and telephone subscribers and to deliver it to the police or the State at a simple request.

Labels: ,

EU - Privacy watchdog slams sharing of police data | OUT-LAW.COM

(OUT-LAW News)
Europe's privacy watchdog has expressed 'grave concern' about a proposal to share personal information between police forces across Europe, calling it a 'lowest common denominator approach that would hinder the fundamental rights of EU citizens'. Peter Hustinx, the European Data Protection Supervisor (EDPS), issued his opinion on a proposal put forward in January by the German Presidency of the EU. The German plan is a revision of a long-running proposal for sharing data between European police forces.

Labels:

FR - Le décret qui inquiète l´Internet français

(L'Express)
Le gouvernement veut imposer à tous les éditeurs de contenu en ligne, aux FAI et aux hébergeurs de conserver les traces des internautes passant sur leurs sites. Le Net français s'indigne. Apparemment sans fin, le feuilleton de l'instauration de mesures destinées à surveiller les réseaux vient de connaître un nouveau rebondissement. La publication d'une version« de travail » d'un décret d'application de la loi LCEN de juin 2004 (Loi pour la confiance dans l'économie numérique) a en effet soulevé une vague de protestations, tant de la part des professionnels du Net que de l'association de défense des libertés IRIS (Imaginons un réseau Internet solidaire). voir aussi Conservation des données d'identification et de connexion : toujours plus et plus longtemps (IRIS).

Labels:

01 April 2007

EU - RFID chips will force changes to Privacy and Electronic Communications Directive | OUT-LAW.COM

(OUT-LAW News)
The European Commission will make changes to the Privacy and Electronic Communications Directive to take account of the exploding market in radio frequency identification (RFID) chips, it has said. Amendments will be proposed by the middle of this year. The Commission has published a Communication, intended as 'a step towards a policy framework,' for dealing with RFID chips, whose usefulness is seen by some to be at odds with privacy and data protection.

Labels:

Google limits the search data retention period

(EDRIgram)
After consultations with privacy groups in Europe and the US, Google has decided to reduce to 18 - 24 months, the retention time for data related to users and their searches.

Labels:

20 March 2007

EU - follow-up on implementation of Data Protection Directive

(Europa)
Communication on the follow-up of the Work Programme for better implementation of the Data Protection Directive Protection Directive COM(2007) 87.

Labels:

18 March 2007

EU - Public to shape smart tag policy

(BBC)
European citizens are getting the chance to shape policy on smart tags. The European Commission is setting up a group made up of citizens, scientists, data protection experts and businesses to discuss how the tags should be used. Radio Frequency Identification (RFID) tags store data about the objects they are attached to, and are already used by some firms and supermarkets. See Commission proposes a European policy strategy for smart radio tags (Europa).

Labels:

Open new window when link clicked
Subscribe to Newsletter
text | HTML
Daily Digest
RSS feed